General
-
Target
12103b0977f8c4084b6db4056244788bd8cc3bb3428412f258e1029e96993e56
-
Size
1.3MB
-
Sample
250328-q1lc8syms9
-
MD5
1a9f6aaac475378b1cb1e48b6864259d
-
SHA1
a936b039cfa3a17d2cb597c6252985fa7a9fdbe8
-
SHA256
12103b0977f8c4084b6db4056244788bd8cc3bb3428412f258e1029e96993e56
-
SHA512
7aeb57113afbad088048d2fa8b708439fb26255ecc7e513560f2b195c1d574023c1d094e52c66dd918af33901f1702cd28bdc3186a7103a03f81053835c18fea
-
SSDEEP
24576:qPIAahz5w2TK3hLZjaIKdlCRlOZV2fZukMnlG7Kl75/qkh+jA:qPahz5w223/j88fOXiilG7aIjA
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
novida.com.br - Port:
587 - Username:
[email protected] - Password:
joymywife12345PT - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
novida.com.br - Port:
587 - Username:
[email protected] - Password:
joymywife12345PT
Targets
-
-
Target
12103b0977f8c4084b6db4056244788bd8cc3bb3428412f258e1029e96993e56
-
Size
1.3MB
-
MD5
1a9f6aaac475378b1cb1e48b6864259d
-
SHA1
a936b039cfa3a17d2cb597c6252985fa7a9fdbe8
-
SHA256
12103b0977f8c4084b6db4056244788bd8cc3bb3428412f258e1029e96993e56
-
SHA512
7aeb57113afbad088048d2fa8b708439fb26255ecc7e513560f2b195c1d574023c1d094e52c66dd918af33901f1702cd28bdc3186a7103a03f81053835c18fea
-
SSDEEP
24576:qPIAahz5w2TK3hLZjaIKdlCRlOZV2fZukMnlG7Kl75/qkh+jA:qPahz5w223/j88fOXiilG7aIjA
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Agenttesla family
-
Drops startup file
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-